foreman_salt 0.0.2

data/Rakefile

@@ -0,0 +1,40 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ForemanSalt'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/controllers/foreman_salt/concerns/hostgroups_controller_extensions.rb

@@ -0,0 +1,19 @@
+module ForemanSalt
+  module Concerns
+    module HostgroupsControllerExtensions
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method_chain :load_vars_for_ajax, :salt_modules
+      end
+
+      private
+
+      def load_vars_for_ajax_with_salt_modules
+        load_vars_for_ajax_without_salt_modules
+        @salt_modules =           @hostgroup.salt_modules
+        @inherited_salt_modules = @hostgroup.inherited_salt_modules
+      end
+    end
+  end
+end

data/app/controllers/foreman_salt/concerns/hosts_controller_extensions.rb

@@ -0,0 +1,69 @@
+module ForemanSalt
+  module Concerns
+    module HostsControllerExtensions
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method :find_by_name_salt, :find_by_name
+        before_filter :find_by_name_salt, :only => [:saltrun]
+        alias_method_chain :action_permission, :salt_run
+        alias_method_chain :load_vars_for_ajax, :salt_modules
+        alias_method_chain :process_hostgroup, :salt_modules
+      end
+
+      def saltrun
+        if @host.saltrun!
+          notice _("Successfully executed, check log files for more details")
+        else
+          error @host.errors[:base].to_sentence
+        end
+        redirect_to host_path(@host)
+      end
+
+      def salt_external_node
+        begin
+          @host = resource_base.find_by_name(params[:name])
+          enc = {}
+          enc["classes"] = @host.salt_modules.any? ? @host.salt_modules.map(&:name) : []
+          enc["parameters"] = @host.info["parameters"]
+          respond_to do |format|
+            format.html { render :text => "<pre>#{ERB::Util.html_escape(enc.to_yaml)}</pre>" } 
+            format.yml  { render :text => enc.to_yaml }
+          end
+        rescue
+          logger.warn "Failed to generate external nodes for #{@host} with #{$!}"
+          render :text => _('Unable to generate output, Check log files\n'), :status => 412 and return
+        end
+      end
+
+      def process_hostgroup_with_salt_modules
+        @hostgroup = Hostgroup.find(params[:host][:hostgroup_id]) if params[:host][:hostgroup_id].to_i > 0
+        return head(:not_found) unless @hostgroup
+
+        @salt_modules           = @host.salt_modules if @host 
+        @inherited_salt_modules = @hostgroup.salt_modules
+        process_hostgroup_without_salt_modules
+      end
+
+      private
+
+      def action_permission_with_salt_run
+        case params[:action]
+          when 'saltrun'
+            :saltrun
+          when 'salt_external_node'
+            :view
+          else
+            action_permission_without_salt_run
+        end
+      end
+
+      def load_vars_for_ajax_with_salt_modules
+        return unless @host
+        @salt_modules           = @host.salt_modules 
+        @inherited_salt_modules = @host.hostgroup.salt_modules if @host.hostgroup
+        load_vars_for_ajax_without_salt_modules
+      end
+    end
+  end
+end

data/app/controllers/foreman_salt/concerns/smart_proxy_auth_extensions.rb

@@ -0,0 +1,24 @@
+module ForemanSalt
+  module Concerns
+    module SmartProxyAuthExtensions
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method_chain :require_puppetmaster_or_login, :salt
+        case self.controller_path
+          when 'hosts'
+            add_puppetmaster_filters [::HostsController::PUPPETMASTER_ACTIONS, :salt_external_node].flatten
+        end
+      end
+
+      def require_puppetmaster_or_login_with_salt
+        if auth_smart_proxy(::SmartProxy.with_features("Salt"), ::Setting[:require_ssl_puppetmasters])
+          set_admin_user
+          return true
+        else
+          require_puppetmaster_or_login_without_salt
+        end
+      end
+    end
+  end
+end

data/app/controllers/foreman_salt/concerns/unattended_controller_extensions.rb

@@ -0,0 +1,18 @@
+module ForemanSalt
+  module Concerns
+    module UnattendedControllerExtensions
+      extend ActiveSupport::Concern
+
+      included do
+        before_filter :handle_salt, :only => [:provision]
+      end
+
+      private
+
+      def handle_salt
+        return true if @spoof
+        render(:text => _("Failed to set autosign for host. Terminating the build!"), :status => 500) unless @host.respond_to?(:handle_salt) && @host.handle_salt
+      end
+    end
+  end
+end

data/app/controllers/foreman_salt/salt_autosign_controller.rb

@@ -0,0 +1,43 @@
+module ForemanSalt
+  class SaltAutosignController < ::ApplicationController
+
+    def index
+      setup
+      autosign = @api.autosign_list
+      @autosign = autosign.paginate :page => params[:page], :per_page => Setting::General.entries_per_page
+    end
+
+    def new
+      setup
+    end
+
+    def create
+      setup
+
+      if @api.autosign_create(params[:id])
+        process_success({:success_redirect => hash_for_smart_proxy_salt_autosign_index_path, :success_msg => _("Autosign created for #{params[:id]}"),
+                         :object_name => params[:id]})
+      else
+        process_error({:redirect => hash_for_smart_proxy_salt_autosign_index_path})
+      end
+    end
+
+    def destroy
+      setup
+
+      if @api.autosign_remove(params[:id])
+        process_success({:success_redirect => hash_for_smart_proxy_salt_autosign_index_path, :success_msg => _("Autosign deleted for #{params[:id]}"),
+                          :object_name => params[:id]})
+      else
+        process_error({:redirect => hash_for_smart_proxy_salt_autosign_index_path})
+      end
+    end
+
+    private
+
+    def setup
+      @proxy = SmartProxy.authorized(:view_smart_proxies_salt_autosign).find(params[:smart_proxy_id])
+      @api = ProxyAPI::Salt.new({:url => @proxy.url})
+    end
+  end
+end

data/app/controllers/foreman_salt/salt_keys_controller.rb

@@ -0,0 +1,59 @@
+module ForemanSalt
+  class SaltKeysController < ::ApplicationController
+
+    def index
+      @proxy = find_proxy
+
+      Rails.cache.delete("saltkeys_#{@proxy.id}") if params[:expire_cache] == "true"
+      keys = if params[:state].blank?
+               SmartProxies::SaltKeys.all @proxy
+             else
+               SmartProxies::SaltKeys.find_by_state @proxy, params[:state].downcase
+             end
+      @keys = keys.sort.paginate :page => params[:page], :per_page => Setting::General.entries_per_page
+    end
+
+    def accept
+      @proxy = find_proxy(permission = :edit_smart_proxies_salt_keys)
+      key = SmartProxies::SaltKeys.find(@proxy, params[:salt_key_id])
+      if key.accept
+        process_success({:success_redirect => hash_for_smart_proxy_salt_keys_path(:state => params[:state], :expire_cache => true),
+                         :success_msg => _("Key accepted for #{key}"), :object_name => key.to_s})
+      else
+        process_error({:redirect => hash_for_smart_proxy_salt_keys_path(:state => params[:state], :expire_cache => true)})
+      end
+    end
+
+    def reject
+      @proxy = find_proxy(permission = :edit_smart_proxies_salt_keys)
+      key = SmartProxies::SaltKeys.find(@proxy, params[:salt_key_id])
+      if key.reject
+        process_success({:success_redirect => hash_for_smart_proxy_salt_keys_path(:state => params[:state], :expire_cache => true),
+                         :success_msg => _("Key rejected for #{key}"), :object_name => key.to_s})
+      else
+        process_error({:redirect => hash_for_smart_proxy_salt_keys_path(:state => params[:state], :expire_cache => true)})
+      end
+    end
+
+    def destroy
+      @proxy = find_proxy(permission = :destroy_smart_proxies_salt_keys)
+      key = SmartProxies::SaltKeys.find(@proxy, params[:id])
+      if key.delete
+        process_success({:success_redirect => hash_for_smart_proxy_salt_keys_path(:state => params[:state], :expire_cache => true),
+                         :success_msg => _("Key deleted for #{key}"), :object_name => key.to_s})
+      else
+        process_error({:redirect => hash_for_smart_proxy_salt_keys_path(:state => params[:state], :expire_cache => true)})
+      end
+    end
+
+    private
+
+    def controller_permission
+      'smart_proxies_salt_keys'
+    end
+
+    def find_proxy(permission = :view_smart_proxies_salt_keys)
+      SmartProxy.authorized(permission).find(params[:smart_proxy_id])
+    end
+  end
+end

data/app/controllers/foreman_salt/salt_modules_controller.rb

@@ -0,0 +1,45 @@
+module ForemanSalt
+  class SaltModulesController < ::ApplicationController
+    include Foreman::Controller::AutoCompleteSearch
+
+    before_filter :find_by_name, :only => [:edit, :update, :destroy]
+
+    def index
+      @salt_modules = resource_base.search_for(params[:search], :order => params[:order]).paginate(:page => params[:page])
+    end
+
+    def new
+      @salt_module = SaltModule.new
+    end
+
+    def create
+      logger.info("Params: #{params.inspect}")
+      @salt_module = SaltModule.new(params[:foreman_salt_salt_module])
+      if @salt_module.save
+        process_success
+      else
+        process_error
+      end
+    end
+
+    def edit
+    end
+
+    def update
+      if @salt_module.update_attributes(params[:foreman_salt_salt_module])
+        notice _("Successfully updated %s." % @salt_module.to_s)
+        redirect_to salt_modules_path
+      else
+        process_error
+      end
+    end
+
+    def destroy
+      if @salt_module.destroy
+        process_success
+      else
+        process_error
+      end
+    end
+  end
+end

data/app/helpers/concerns/foreman_salt/hosts_helper_extensions.rb

@@ -0,0 +1,28 @@
+module ForemanSalt
+  module HostsHelperExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      alias_method_chain :host_title_actions, :salt_run
+      alias_method_chain :show_appropriate_host_buttons, :salt
+    end
+
+    def show_appropriate_host_buttons_with_salt(host)
+      (show_appropriate_host_buttons_without_salt(host) +
+         [(link_to_if_authorized(_("Salt ENC"), {:controller => :hosts, :action => :salt_external_node, :name => host},
+         :title => _("Salt external nodes YAML dump"), :class => 'btn btn-default') unless host.salt_master.blank?)]).flatten.compact
+    end
+
+    def host_title_actions_with_salt_run(host)
+        title_actions(
+          button_group(
+            if host.try(:salt_proxy)
+              link_to_if_authorized(_("Run Salt"), {:controller => :hosts, :action => :saltrun, :id => @host},
+                                    :title => _("Trigger a state.highstate run on a node"))
+            end
+          )
+        )
+        host_title_actions_without_salt_run(host)
+    end
+  end
+end

data/app/helpers/concerns/foreman_salt/smart_proxies_helper_extensions.rb

@@ -0,0 +1,22 @@
+module ForemanSalt
+  module SmartProxiesHelperExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      alias_method_chain :proxy_actions, :salt_proxy
+    end
+
+    def proxy_actions_with_salt_proxy(proxy, authorizer)
+      salt = proxy.features.detect { |feature| feature.name == 'Salt' }
+      [
+        if salt
+          display_link_if_authorized(_("Salt Keys"), {:controller => 'foreman_salt/salt_keys', :action => 'index', :smart_proxy_id => proxy})
+        end,
+
+        if salt
+          display_link_if_authorized(_("Salt Autosign"), {:controller => 'foreman_salt/salt_autosign', :action => 'index', :smart_proxy_id => proxy})
+        end
+      ] + proxy_actions_without_salt_proxy(proxy, authorizer)
+    end
+  end
+end

data/app/helpers/foreman_salt/salt_keys_helper.rb

@@ -0,0 +1,9 @@
+module ForemanSalt
+  module SaltKeysHelper
+    def salt_keys_state_filter
+      select_tag "Filter", options_for_select(["", _("Accepted"),_("Rejected"), _("Unaccepted")], params[:state]),
+        :onchange => "window.location.href = location.protocol + '//' + location.host + location.pathname + (this.value == '' ? '' : ('?state=' + this.value))"
+    end
+  end
+end
+

data/app/lib/proxy_api/salt.rb

@@ -0,0 +1,60 @@
+module ::ProxyAPI
+  class Salt < ::ProxyAPI::Resource
+    def initialize args
+      @url  = args[:url] + "/salt/"
+      super args
+    end
+
+    def autosign_list
+      parse(get("autosign"))
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to fetch autosign list"))
+    end
+
+    def autosign_create name
+      parse(post("", "autosign/#{URI.escape(name)}"))
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to set Salt autosign for %s"), name)
+    end
+
+    def autosign_remove name
+      parse(delete("autosign/#{URI.escape(name)}"))
+    rescue RestClient::ResourceNotFound
+      true # entry doesn't exists anyway
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to delete Salt autosign for %s"), name)
+    end
+
+    def key_list
+      parse(get("key"))
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to fetch Salt key list"))
+    end
+
+    def key_accept name
+      parse(post("","key/#{name}"))
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to accept Salt key for %s"), name)
+    end
+
+    def key_reject name
+      parse(delete("key/reject/#{name}"))
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to reject Salt key for %s"), name)
+    end
+
+    def key_delete name
+      parse(delete("key/#{name}"))
+    rescue RestClient::ResourceNotFound
+      true
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to delete Salt key for %s"), name)
+    end
+
+    def highstate name
+      parse(post("", "highstate/#{name}"))
+    rescue => e
+      raise ProxyException.new(url, e, N_("Unable to run Salt state.highstate for %s"), name)
+    end
+  end
+end

data/app/models/concerns/foreman_salt/host_managed_extensions.rb

@@ -0,0 +1,64 @@
+module ForemanSalt
+  module HostManagedExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      has_and_belongs_to_many :salt_modules, :class_name => "ForemanSalt::SaltModule", :join_table => "hosts_salt_modules", :foreign_key => "host_id"
+      belongs_to :salt_proxy, :class_name => "SmartProxy"
+      alias_method_chain :params, :salt_proxy
+      alias_method_chain :set_hostgroup_defaults, :salt_proxy
+      alias_method_chain :smart_proxy_ids, :salt_proxy
+    end
+
+    def handle_salt
+      return true unless salt?
+      salt_autosign_create
+    end
+
+    def params_with_salt_proxy
+      params = params_without_salt_proxy
+      params["salt_master"] = salt_master unless salt_master.blank?
+      params
+    end
+
+    def salt_modules
+      return super unless hostgroup
+      [super + hostgroup.salt_modules].flatten
+    end
+
+    def salt_module_ids
+      return super unless hostgroup
+      [super + hostgroup.salt_module_ids].flatten
+    end
+
+    def salt_master
+      salt_proxy.to_s
+    end
+
+    def saltrun!
+      unless salt_proxy.present?
+        errors.add(:base, _("No Salt master defined - can't continue"))
+        logger.warn "Unable to execute salt run, no salt proxies defined"
+        return false
+      end
+      ProxyAPI::Salt.new({:url => salt_proxy.url}).highstate name
+    rescue => e
+      errors.add(:base, _("Failed to execute state.highstate: %s") % e)
+      false
+    end
+
+    def set_hostgroup_defaults_with_salt_proxy
+       return unless hostgroup
+       assign_hostgroup_attributes(%w{salt_proxy_id})
+       set_hostgroup_defaults_without_salt_proxy
+    end
+
+    def smart_proxy_ids_with_salt_proxy
+      ids = smart_proxy_ids_without_salt_proxy
+      [salt_proxy, hostgroup.try(:salt_proxy)].compact.each do |proxy|
+        ids << proxy.id
+      end
+      ids
+    end
+  end
+end

data/app/models/concerns/foreman_salt/hostgroup_extensions.rb

@@ -0,0 +1,49 @@
+module ForemanSalt
+  module HostgroupExtensions
+    extend ActiveSupport::Concern
+
+    included do
+      has_and_belongs_to_many :salt_modules, :class_name => "ForemanSalt::SaltModule"
+      belongs_to :salt_proxy, :class_name => "SmartProxy"
+    end
+
+    def salt_modules
+      return super unless ancestry.present?
+      ([super] + [inherited_salt_modules]).flatten.uniq.compact
+    end
+
+    def salt_module_ids
+      return super unless ancestry.present?
+      ([super] + [inherited_salt_module_ids]).flatten.uniq.compact
+    end
+
+    def inherited_salt_modules
+      ForemanSalt::SaltModule.where(:id => inherited_salt_module_ids)
+    end
+
+    def inherited_salt_module_ids
+      if ancestry.present?
+        self.class.sort_by_ancestry(ancestors.reject { |ancestor| ancestor.salt_module_ids.empty? }).last.try(:salt_modules)
+      else
+        []
+      end
+    end
+
+    def salt_proxy
+      return super unless ancestry.present?
+      SmartProxy.find_by_id(inherited_salt_proxy_id)
+    end
+
+    def inherited_salt_proxy_id
+      if ancestry.present?
+        read_attribute(:salt_proxy_id) || self.class.sort_by_ancestry(ancestors.where("salt_proxy_id is not NULL")).last.try(:salt_proxy_id)
+      else
+        self.salt_proxy_id
+      end
+    end
+
+    def salt_master
+      salt_proxy.to_s
+    end
+  end
+end

data/app/models/concerns/foreman_salt/orchestration/salt.rb

@@ -0,0 +1,72 @@
+module ForemanSalt
+  module Orchestration
+    module Salt
+      extend ActiveSupport::Concern
+      include ::Orchestration
+
+      included do
+        after_validation :queue_salt_autosign
+        before_destroy   :queue_salt_destroy
+      end
+
+      def salt?
+        name.present? && salt_proxy.present?
+      end
+
+      def initialize_salt
+        @salt_api ||= ProxyAPI::Salt.new :url => salt_proxy.url
+      end
+
+      def queue_salt_autosign
+        return unless salt? && errors.empty?
+        new_record? ? queue_salt_autosign_create : queue_salt_autosign_update
+      end
+
+      def queue_salt_autosign_create
+        # do nothing - we'll set autosign at the last second: when a host requests a provision URL
+      end
+
+      def queue_salt_autosign_update
+        # Host has been built --> remove auto sign
+        if old.build? and !build?
+          queue.create(:name => _("Remove autosign entry for %s") % self, :priority => 50, :action => [self, :salt_autosign_remove])
+        end
+      end
+
+      def queue_salt_destroy
+        queue.create(:name => _("Remove autosign entry for %s") % self, :priority => 50, :action => [self, :salt_autosign_remove])
+        queue.create(:name => _("Delete existing salt key for %s") % self, :priority => 50, :action => [self, :salt_key_delete])
+      end
+
+      def queue_salt_autosign_remove
+        return unless salt? && errors.empty?
+        queue.create(:name => _("Remove autosign entry for %s") % self, :priority => 50, :action => [self, :salt_autosign_remove])
+      end
+
+      def salt_autosign_create
+        logger.info "Create autosign entry for #{name}"
+        initialize_salt
+        salt_key_delete # if there's already an existing key
+        @salt_api.autosign_create name
+      rescue => e
+        failure _("Failed to create %{name}'s Salt autosign entry: %{e}") % { :name => name, :e => proxy_error(e) }
+      end
+
+      def salt_autosign_remove
+        logger.info "Remove autosign entry for #{name}"
+        initialize_salt
+        @salt_api.autosign_remove name
+      rescue => e
+        failure _("Failed to remove %{name}'s Salt autosign entry: %{e}") % { :name => name, :e => proxy_error(e) }
+      end
+
+      def salt_key_delete
+        logger.info "Delete salt key for #{name}"
+        initialize_salt
+        @salt_api.key_delete name
+      rescue => e
+        failure _("Failed to delete %{name}'s Salt key: %{e}") % { :name => name, :e => proxy_error(e) }
+      end
+    end
+  end
+end

data/app/models/foreman_salt/fact_name.rb

@@ -0,0 +1,4 @@
+module ForemanSalt
+  class FactName < ::FactName; end
+end
+

data/app/models/foreman_salt/salt_module.rb

@@ -0,0 +1,22 @@
+module ForemanSalt
+  class SaltModule < ActiveRecord::Base
+    include Taxonomix
+    include Authorizable
+
+    before_destroy EnsureNotUsedBy.new(:hosts, :hostgroups)
+    has_and_belongs_to_many :hosts, :class_name => "::Host::Managed", :join_table => "hosts_salt_modules",
+                            :association_foreign_key => 'host_id'
+
+    has_and_belongs_to_many :hostgroups, :class_name => "::Hostgroup", :join_table => "hostgroups_salt_modules"
+
+    validates :name, :uniqueness => true, :presence => true, :format => { :with => /\A[\w\d]+\z/, :message => N_("is alphanumeric and cannot contain spaces") }
+
+    default_scope lambda {
+      order("salt_modules.name")
+    }
+
+    scoped_search :on => :name, :complete_value => true
+    scoped_search :in => :hostgroups, :on => :name, :complete_value => true, :rename => :hostgroup
+    scoped_search :in => :hosts, :on => :name, :complete_value => true, :rename => :host
+  end
+end

data/app/overrides/foreman/salt_modules/_host_tab.html.erb

@@ -0,0 +1,2 @@
+<li><a href="#salt_modules" data-toggle="tab"><%= _('Salt Modules') %></a></li>
+